Total
428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4401 | 2 Fr.simon Rundell, Typo3 | 2 Ste Parish Admin, Typo3 | 2009-12-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4395 | 2 Fr.simon Rundell, Typo3 | 2 Ste Prayer2, Typo3 | 2009-12-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4346 | 2 Toni Milovan, Typo3 | 2 Fe Rtenews, Typo3 | 2009-12-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4161 | 2 An Searchit, Typo3 | 2 An Searchit, Typo3 | 2009-12-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4159 | 2 Ivan Kartolo, Typo3 | 2 Direct Mail, Typo3 | 2009-12-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4167 | 2 Lukas Taferner, Typo3 | 2 It Basetag, Typo3 | 2009-12-06 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors. | |||||
| CVE-2009-4163 | 2 Tw Productfinder, Typo3 | 2 Tw Productfinder, Typo3 | 2009-12-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4158 | 2 Mario Matzulla, Typo3 | 2 Cal, Typo3 | 2009-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4166 | 2 Michal Hadr, Typo3 | 2 Mchtrips, Typo3 | 2009-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4165 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2009-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4164 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2009-12-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4162 | 2 Mauro Lorenzutti, Typo3 | 2 Wfqbe, Typo3 | 2009-12-02 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2009-4160 | 2 Kurt Kunig, Typo3 | 2 Kk Downloader, Typo3 | 2009-12-02 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | |||||
| CVE-2009-3818 | 2 Stanislas Rolland, Typo3 | 2 Sr Freecap, Typo3 | 2009-10-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors. | |||||
| CVE-2008-6685 | 2 Thomas Waggershauser, Typo3 | 2 Air Filemanager, Typo3 | 2009-08-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2008-6463 | 2 Fr.simon Rundell, Typo3 | 2 Pd Churchsearch, Typo3 | 2009-08-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-2106 | 2 Projektseminar Proservice Wwu, Typo3 | 2 Virtual Civil Services, Typo3 | 2009-07-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-2104 | 2 Typo3, Udo Von Eynern | 2 Typo3, Modern Guest Book Commenting System | 2009-07-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2103 | 2 Steve Grundell, Typo3 | 2 Frontend Mp3 Player, Typo3 | 2009-06-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-1264 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2009-04-07 | 4.0 MEDIUM | N/A |
| Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. | |||||